Messages

I added out and in rule because I need to be able to register the camera to the NVR and it needs bi directional traffic?
The rules right below block all traffic between those networks if I understand them correctly.

No, read about "stateful firewall".

How about ipv6?

rule 1 and 2: /32 instead of /24

why OUT rules? normally only IN needed. IN with respect to the interface....

Hi, I see different problems with your BLOCK rule:

- You want to block ipv6 traffic for ipv4 adresses (in your cam alias)? What is the status for ipv6 on your LAN? Place a general block ipv6 above your block rule and reduce the existing block rule to ipv4 protocols.

- Do your cams get reserved (static mapping, always identical) IPs (based on MAC) via DHCP? Only in this case the block rule will block the cams reliably.

Cheers (noisy in here... hohoho)

https://www.startpage.com/do/dsearch?q=problem+pppoe+opnsense&cat=web&language=english

and so...

https://www.youtube.com/watch?v=pAyKJAtDNCw

I know, it's not really giving comfort, but...

Skip ssh rules in your config for Suricata. Done.

Are you exposing ports on WAN?

If not: why run Suricata on that interface in the first place? To watch and see that the internet is a bad, bad place? :-D

Or at least disabel SSH rules, if no ssh port open...

System -> Configuration -> History vielleicht...

Hi, hier 25.7.8 und alle logs normal mit Firefox (latest)...

Anderer Browser (Palemoon) kann seit Jahren keine Logs der OPNsense darstellen. Browser gewechselt?

Related:

https://github.com/opnsense/core/issues/8386

?

Just an idea: NAS only allowing access from LAN IPs?

Set up OPT1 Interface with IP range different from LAN, including DHCP, DNS and outbound NAT.

Create FW rule on LAN to block traffic to OPT1network and vice versa. Done.

...den Ärger würde ich mir sparen und den wifi AP über einen Switch in's LAN einbinden. Für das freie Interface fällt dir bald was besseres ein. Gästenetz oder IOT oder sonstwas.

Hab einen ähnlichen Aufbau mit Powerlineadaptern und wifi APs und immer wieder Probleme mit Clients im selben (!) LAN, die aus dem wifi nicht erreichbar sind. Die ARP Auflösung funzt dann nicht, die MAC der entsprechenden Clients ist nicht auflösbar. Manchmal geben sich die Problem nach einiger Zeit, manchmal nicht. Powerline ist mit ARP manchmal überfordert.

...solange auf keinem Client NTP, DNS oder ähnliches im 10.0.x.x fest gesetzt sind...

So no replacement for the rule separators? How much can it cost to write these few lines of code to have these colored separators?

With "Inspect" plus "Tree" plus "Expand/collapse" I see the Automatic rules... But not the rest, even if I check some categoriesmore to the left, same row.